A Security Leadership Creed

Rules for Security Professionals To Live (and Die) By

Helen Patton
5 min readApr 2, 2023

--

A brown gavel on a white surface
Photo by Tingey Injury Law Firm on Unsplash

What makes a good Security Leader?

Certainly getting an award for security leadership is a dubious honor at best (if you must pay to get an award, do you deserve the award?). Being judged as a “good” leader is often left to the people who work near the leader — their boss, their team, their partners, their customers — most of whom don’t know enough about security to be a good judge of security leadership.

Is a good security leader one whose company has never succumbed to a security incident? Unlikely. In fact, the most respected leaders in the security industry often find themselves on the receiving end of a security event — it makes them better defenders and researchers.

Is a good security leader one who has great partnerships with stakeholders and other leaders? Yes — but this doesn’t mean there isn’t conflict, or disagreements, or tension. A security leader should be just that — a leader — not your best friend.

It would seem to me that that security leaders must judge for themselves whether they are a good leader, and that they must use a set of guiding principles that ring true for themselves, not others. Which got me thinking about what kinds of values are important to security leaders. So, as usual, I…

--

--

Helen Patton

Cyber Security, Technology Ethics, and Humanity. What else? I can be found at CISOHelen.com or on Twitter @CisoHelen or on Mastodon @cisohelen@infosec.exchange